The following abbreviations are herewith defined, at least some of which are referred to within the following description of the state-of-the-art and the present invention.
ASIC  Application Specific Integrated Circuit
DDoS  Distributed Denial of Service
DHCP  Dynamic Host Configuration Protocol
DoS   Denial of Service
DUT   Device Under Test
IP    Internet Protocol
LAN   Local Area Network
MAC   Media Access Control
MAN   Metropolitan Area Network
PC    Personal Computer
SMB   Server Message Block (protocol)
TCAM  Ternary Content Addressable Memory
WAN   Wide Area Network
Computers are electronic devices that can manipulate and store data, and they are used in a wide variety of applications. A data communication network may be used to interconnect a number of computers for the purpose of sharing data and computational resources, and to allow their respective users to communicate with each other. Data networks may be relatively small, such as a LAN, or quite large, as with MANs and WANs. These data networks may even be connected together to form internets, allowing a great many computing devices to communicate with each other. As just one example, an individual user may use their own PC, in this context referred to as a client, to access a server via a data network. The server is typically a much more powerful computing device that may be accessed by many users to, for example, send and receive email, download web pages, or access streaming audio and video presentations.
The data network includes a number, and often a large number, of nodes such as switches, bridges, and routers, and other devices that are similar to or hybrids of these basic nodes. Information transmitted through the network from one computing device to another is broken up into discrete units, often called packets. Each packet carries its own destination address, and in connection-oriented protocols such as TCP also a sequence number, so that it can be routed through the network to its destination, where the packets can be reassembled into a usable form.
Each network node has some responsibility for receiving the packets sent to it, and re-sending them according to established communication protocols, until the packets reach their destination. In this, some nodes are more sophisticated than others. Routers, for example, are capable devices that often interconnect different networks and are able to examine the address on each received packet to determine the best way to forward it toward its destination. Routers often have many ports through which they send and receive data, and therefore may be directly connected to many other devices, including clients, servers, and other routers.
In a data network, it may be advantageous to classify ports on network routers as client ports or non-client ports. Client ports are those directly connected to a client, for example a PC or a workstation. These devices are generally used by a single user, and frequently are not configured and maintained to a high security level—in contrast, for example, to a server, which is often maintained by computer professionals and equipped with sophisticated security features.
Unfortunately, this leaves client devices more vulnerable to infection by viruses and similar malicious software. These programs vary in nature, but generally speaking are installed surreptitiously by malicious individuals (perhaps by way of other programs) to interfere with the operation of the infected computer, or to use the infected computer to interfere with the operation of others. Examples include DoS and DDoS attacks, in which one or more, perhaps many, infected client devices are directed to send an enormous number of requests to a server, overwhelming it so that it is effectively unavailable until the problem can be remedied.
Identifying a port as a client port allows the router (or the network) to implement one or more security measures on it. Such measures include rate-limiting or maximum-bandwidth limitations, or anti-spoofing measures (for example, dropping packets whose source address does not belong to the host attached to that port) to frustrate malicious users and their programs. These measures are generally not appropriate for ports connected to servers or other routers, where the legitimate traffic volume and the mix of source addresses are very different, and in many cases they will be counter-productive when so applied. Security measures therefore cannot, or should not, simply be applied uniformly to all ports. A manner of classifying each port as a client port or a non-client port is therefore needed.
One way, of course, is simply manual classification. This, however, requires configuration by a user and assumes either that the configuration will never need to change or that the user will frequently review the port classifications by hand and reconfigure them as needed. In another case, ports associated with link aggregation or trunk operations can often be permanently classified as non-client ports, since a single client device is not normally attached in that way. Naturally, however, this solution is limited to those ports so associated; every other port remains unclassified.
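To make the classification approaches discussed above concrete, the following is an added example (not code from the patent or from any product it describes) of a small port classifier that applies the two rules just named, manual configuration and the link-aggregation/trunk rule, and derives a per-port policy from the result. The port attributes, the rule precedence (a manual setting overrides the aggregation rule), the rate-limit figure and the port names are all assumptions made for the illustration; the point is that ports covered by neither rule come out as "unknown", which is exactly the gap the text describes.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class PortClass(Enum):
    CLIENT = "client"
    NON_CLIENT = "non-client"
    UNKNOWN = "unknown"


@dataclass(frozen=True)
class Port:
    """Attributes of one router port (assumed model for this example)."""
    name: str
    lag_member: bool = False            # member of a link-aggregation group
    trunk: bool = False                 # trunk operation (carries several VLANs)
    manual: Optional[PortClass] = None  # operator-supplied classification, if any


@dataclass(frozen=True)
class PortPolicy:
    rate_limit_pps: Optional[int]  # None means no rate limit is applied
    anti_spoofing: bool


def classify(port: Port) -> PortClass:
    """Apply the two classification rules described in the text.

    Precedence (an assumption of this example): an explicit manual
    classification wins; otherwise LAG members and trunk ports are
    non-client; anything else cannot be decided by these rules.
    """
    if port.manual is not None:
        return port.manual
    if port.lag_member or port.trunk:
        return PortClass.NON_CLIENT
    return PortClass.UNKNOWN


def policy_for(cls: PortClass, client_rate_limit_pps: int = 1000) -> PortPolicy:
    """Client ports get rate limiting and anti-spoofing; others are left alone.

    Unknown ports are deliberately treated like non-client ports here,
    because applying client measures to a server or router uplink would be
    counter-productive; the caller is expected to surface them separately.
    """
    if cls is PortClass.CLIENT:
        return PortPolicy(rate_limit_pps=client_rate_limit_pps, anti_spoofing=True)
    return PortPolicy(rate_limit_pps=None, anti_spoofing=False)


def build_policy_table(ports: List[Port]) -> Dict[str, Tuple[PortClass, PortPolicy]]:
    """Map each port name to its classification and the resulting policy."""
    table = {}
    for p in ports:
        cls = classify(p)
        table[p.name] = (cls, policy_for(cls))
    return table


def unclassified(ports: List[Port]) -> List[str]:
    """Ports that neither rule could classify: the coverage gap."""
    return [p.name for p in ports if classify(p) is PortClass.UNKNOWN]


# Constructed sample inventory (port names and attributes are made up).
SAMPLE_PORTS = [
    Port("ge-0/0/1", lag_member=True),                 # uplink in a LAG
    Port("ge-0/0/2", trunk=True),                      # trunk to another switch
    Port("ge-0/0/3", manual=PortClass.CLIENT),         # operator marked as client
    Port("ge-0/0/4", lag_member=True, manual=PortClass.CLIENT),  # manual override
    Port("ge-0/0/5"),                                  # nothing known about it
]


if __name__ == "__main__":
    for name, (cls, pol) in build_policy_table(SAMPLE_PORTS).items():
        print(f"{name}: {cls.value:10s} rate_limit={pol.rate_limit_pps} "
              f"anti_spoofing={pol.anti_spoofing}")
    print("needs manual attention:", unclassified(SAMPLE_PORTS))
```

Running the block lists ge-0/0/5 as needing manual attention: it is an access port with no operator input, so the LAG/trunk rule says nothing about it, and leaving it unprotected or protecting it blindly are both guesses. Whether a manual setting should override the aggregation rule, as assumed here, is a deployment choice rather than something the text settles.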
Accordingly, there has been and still is a need to address the aforementioned shortcomings and other shortcomings associated with the classification of ports on a router or similar network node. These needs and other needs are satisfied by the present invention.